feat(endpoint-groups): add endpoint-groups (#1837)

2025-07-24 15:59:41 +02:00 · 2018-04-26 18:08:46 +02:00 · 2018-04-26 18:08:46 +02:00 · 1162549209
commit 1162549209
parent 2ffcb946b1
58 changed files with 1838 additions and 265 deletions
--- a/api/http/handler/docker.go
+++ b/api/http/handler/docker.go
@ -20,6 +20,7 @@ type DockerHandler struct {
 	*mux.Router
 	Logger                *log.Logger
 	EndpointService       portainer.EndpointService
+	EndpointGroupService  portainer.EndpointGroupService
 	TeamMembershipService portainer.TeamMembershipService
 	ProxyManager          *proxy.Manager
 }
@ -64,9 +65,17 @@ func (handler *DockerHandler) proxyRequestsToDockerAPI(w http.ResponseWriter, r
 		return
 	}

-	if tokenData.Role != portainer.AdministratorRole && !security.AuthorizedEndpointAccess(endpoint, tokenData.ID, memberships) {
-		httperror.WriteErrorResponse(w, portainer.ErrEndpointAccessDenied, http.StatusForbidden, handler.Logger)
-		return
+	if tokenData.Role != portainer.AdministratorRole {
+		group, err := handler.EndpointGroupService.EndpointGroup(endpoint.GroupID)
+		if err != nil {
+			httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
+			return
+		}
+
+		if !security.AuthorizedEndpointAccess(endpoint, group, tokenData.ID, memberships) {
+			httperror.WriteErrorResponse(w, portainer.ErrEndpointAccessDenied, http.StatusForbidden, handler.Logger)
+			return
+		}
 	}

 	var proxy http.Handler